Decrypting pkcs7 messages

Decrypting pkcs7 messages

Hadmut
Hi,

a question about pkcs7 decryption:


An encrypted pkcs7 message (enveloped) contains a list of
recipient info objects (i.e. the subject name of the issuer and the
serial number of the certificates used for encryption).

When I pass a certificate and a private key to the library,
the library uses that list to find the matching RSA encrypted session
key. But to do so I need to know which private key to use.

If I don't know yet which key is to be used for decryption, it would
be nice to extract this list from a pkcs7 message to check whether I
have any of these keys.

How would I get this list of recipient_info records from the openssl
API?

regards
Hadmut
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Decrypting pkcs7 messages

Tan Eng Ten
Hi,

You can loop through every PKCS7_RECIP_INFO object in the
P7->d.enveloped->recipientinfo stack and print the issuer and serial like:
X509_NAME_print(bio, recp_info->issuer_and_serial->issuer, ....)
i2a_ASN1_INTEGER(bio, recp_info->issuer_and_serial->serial, .....)

Hadmut Danisch wrote:

> Hi,
>
> a question about pkcs7 decryption:
>
>
> An encrypted pkcs7 message (enveloped) contains a list of
> recipient info objects (i.e. the subject name of the issuer and the
> serial number of the certificates used for encryption).
>
> When I pass a certificate and a private key to the library,
> the library uses that list to find the matching RSA encrypted session
> key. But to do so I need to know which private key to use.
>
> If I don't know yet which key is to be used for decryption, it would
> be nice to extract this list from a pkcs7 message to check whether I
> have any of these keys.
>
> How would I get this list of recipient_info records from the openssl
> API?
>
> regards
> Hadmut